├── Detect_Role_Assignment.kql
├── KQL_getting_started.txt
├── KQL_getting_started_part_2.txt
├── Links.txt
├── Links_Custom_Security_Attributes.txt
├── README.md
├── SC-100
    └── Links.md
├── SC-200
    ├── Links.md
    ├── Suspicious_priv_role_change_with_PIM.kql
    ├── Suspicious_priv_role_change_without_PIM.kql
    └── Users_Signing_Applications_without_CA.kql
├── SC-300
    └── Links.md
├── SC-400
    └── Links.md
├── SC-900
    └── Links.txt
└── User_Logons_by_Logon_Type.yaml


/Detect_Role_Assignment.kql:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/Detect_Role_Assignment.kql


--------------------------------------------------------------------------------
/KQL_getting_started.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/KQL_getting_started.txt


--------------------------------------------------------------------------------
/KQL_getting_started_part_2.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/KQL_getting_started_part_2.txt


--------------------------------------------------------------------------------
/Links.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/Links.txt


--------------------------------------------------------------------------------
/Links_Custom_Security_Attributes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/Links_Custom_Security_Attributes.txt


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/README.md


--------------------------------------------------------------------------------
/SC-100/Links.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/SC-100/Links.md


--------------------------------------------------------------------------------
/SC-200/Links.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/SC-200/Links.md


--------------------------------------------------------------------------------
/SC-200/Suspicious_priv_role_change_with_PIM.kql:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/SC-200/Suspicious_priv_role_change_with_PIM.kql


--------------------------------------------------------------------------------
/SC-200/Suspicious_priv_role_change_without_PIM.kql:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/SC-200/Suspicious_priv_role_change_without_PIM.kql


--------------------------------------------------------------------------------
/SC-200/Users_Signing_Applications_without_CA.kql:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/SC-200/Users_Signing_Applications_without_CA.kql


--------------------------------------------------------------------------------
/SC-300/Links.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/SC-300/Links.md


--------------------------------------------------------------------------------
/SC-400/Links.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/SC-400/Links.md


--------------------------------------------------------------------------------
/SC-900/Links.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/SC-900/Links.txt


--------------------------------------------------------------------------------
/User_Logons_by_Logon_Type.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tomwechsler/Microsoft_Cloud_Security/HEAD/User_Logons_by_Logon_Type.yaml


--------------------------------------------------------------------------------